From 53187613363ded52deb2a265b586ccecc1b3d51d Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sat, 28 Feb 2026 17:03:33 +0000 Subject: [PATCH] [ci skip] fix OOM crashes: add resource limits for osrm-bicycle, aiostreams, listenarr, authentik - osrm-bicycle: 1Gi limit (loads 403MB routing graph) - aiostreams: 768Mi limit (loads 44K anime entries) - listenarr: 1Gi limit (.NET + Playwright/Chromium) - authentik server: 1Gi limit, worker: 1Gi limit (Django + gunicorn) - servarr: pass nfs_server variable to all submodules --- stacks/osm_routing/main.tf | 10 ++++++++++ stacks/platform/modules/authentik/values.yaml | 14 ++++++++++++++ stacks/servarr/aiostreams/main.tf | 10 ++++++++++ stacks/servarr/listenarr/main.tf | 10 ++++++++++ stacks/servarr/main.tf | 5 +++++ 5 files changed, 49 insertions(+) diff --git a/stacks/osm_routing/main.tf b/stacks/osm_routing/main.tf index 9e65b045..1c1988d8 100644 --- a/stacks/osm_routing/main.tf +++ b/stacks/osm_routing/main.tf @@ -124,6 +124,16 @@ resource "kubernetes_deployment" "osrm-bicycle" { name = "osrm-data" mount_path = "/data" } + resources { + requests = { + cpu = "15m" + memory = "512Mi" + } + limits = { + cpu = "250m" + memory = "1Gi" + } + } } volume { name = "osrm-data" diff --git a/stacks/platform/modules/authentik/values.yaml b/stacks/platform/modules/authentik/values.yaml index 2b267407..eb0f5c0f 100644 --- a/stacks/platform/modules/authentik/values.yaml +++ b/stacks/platform/modules/authentik/values.yaml @@ -17,6 +17,13 @@ authentik: server: replicas: 3 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: "2" + memory: 1Gi ingress: enabled: false # hosts: @@ -29,3 +36,10 @@ global: worker: replicas: 3 + resources: + requests: + cpu: 50m + memory: 256Mi + limits: + cpu: "1" + memory: 1Gi diff --git a/stacks/servarr/aiostreams/main.tf b/stacks/servarr/aiostreams/main.tf index a97af8bf..9a5e70e3 100644 --- a/stacks/servarr/aiostreams/main.tf +++ b/stacks/servarr/aiostreams/main.tf @@ -61,6 +61,16 @@ resource "kubernetes_deployment" "aiostreams" { name = "data" mount_path = "/app/data" } + resources { + requests = { + cpu = "50m" + memory = "256Mi" + } + limits = { + cpu = "500m" + memory = "768Mi" + } + } } volume { name = "data" diff --git a/stacks/servarr/listenarr/main.tf b/stacks/servarr/listenarr/main.tf index 035971d7..15341a8c 100644 --- a/stacks/servarr/listenarr/main.tf +++ b/stacks/servarr/listenarr/main.tf @@ -40,6 +40,16 @@ resource "kubernetes_deployment" "listenarr" { name = "data" mount_path = "/app/config" } + resources { + requests = { + cpu = "25m" + memory = "256Mi" + } + limits = { + cpu = "1" + memory = "1Gi" + } + } } volume { name = "data" diff --git a/stacks/servarr/main.tf b/stacks/servarr/main.tf index 105c55d3..69562b8a 100644 --- a/stacks/servarr/main.tf +++ b/stacks/servarr/main.tf @@ -1,5 +1,6 @@ variable "tls_secret_name" { type = string } variable "aiostreams_database_connection_string" { type = string } +variable "nfs_server" { type = string } resource "kubernetes_namespace" "servarr" { @@ -28,12 +29,14 @@ module "prowlarr" { source = "./prowlarr" tls_secret_name = var.tls_secret_name tier = local.tiers.aux + nfs_server = var.nfs_server } module "qbittorrent" { source = "./qbittorrent" tls_secret_name = var.tls_secret_name tier = local.tiers.aux + nfs_server = var.nfs_server } module "flaresolverr" { @@ -58,6 +61,7 @@ module "listenarr" { source = "./listenarr" tls_secret_name = var.tls_secret_name tier = local.tiers.aux + nfs_server = var.nfs_server } module "aiostreams" { @@ -65,4 +69,5 @@ module "aiostreams" { tls_secret_name = var.tls_secret_name aiostreams_database_connection_string = var.aiostreams_database_connection_string tier = local.tiers.aux + nfs_server = var.nfs_server }